Aded password encryption with s2k_fo protocol

dchristl · Feb 5, 2025 · 2530814 · 2530814
1 parent 8ca3f8d
commit 2530814
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/endpoint/register/pypush_gsa_icloud.py b/endpoint/register/pypush_gsa_icloud.py
@@ -28,7 +28,6 @@
 # Disable SSL Warning
 urllib3.disable_warnings()
 
-
 logger = logging.getLogger()
 
 
@@ -76,13 +75,12 @@ def gsa_authenticate(username, password):
     r = gsa_authenticated_request(
         {"A2k": A, "ps": ["s2k", "s2k_fo"], "u": username, "o": "init"})
 
-    if r["sp"] != "s2k":
-        logger.warn(
-            f"This implementation only supports s2k. Server returned {r['sp']}")
+    if r["sp"] not in ["s2k", "s2k_fo"]:
+        logger.warn(f"This implementation only supports s2k and sk2_fo. Server returned {r['sp']}")
         return
 
     # Change the password out from under the SRP library, as we couldn't calculate it without the salt.
-    usr.p = encrypt_password(password, r["s"], r["i"])
+    usr.p = encrypt_password(password, r["s"], r["i"], r["sp"])
 
     M = usr.process_challenge(r["s"], r["B"])
 
@@ -190,8 +188,11 @@ def generate_meta_headers(serial="0", user_id=uuid.uuid4(), device_id=uuid.uuid4
     }
 
 
-def encrypt_password(password, salt, iterations):
+def encrypt_password(password, salt, iterations, protocol):
+    assert protocol in ["s2k", "s2k_fo"]
     p = hashlib.sha256(password.encode("utf-8")).digest()
+    if protocol == "s2k_fo":
+        p = p.hex().encode("utf-8")
     return pbkdf2.PBKDF2(p, salt, iterations, SHA256).read(32)